Associate Principal – Internal Audit (IT Audit)

Role & responsibilities

Competency Framework

Managing Process and Administration

• Develop, maintain and communicate detailed IT Audit framework, policies and processes aligned with the identified IT Risks to support Regional Head IA&C
• Conduct comprehensive annual IT risk assessment both the identification and evaluation of risk areas for the purposes of the yearly IT Audit planning through targeted risk interviews of various IT leaders/ teams across all BSAPIC GCs.
• Provide support, education and training to team/ employees as required to build risk awareness within the organization.
• Ensure successful completion of annual IT audit plan through effective supervision and within schedule and budget.

Support Regional Head IA&C:

• Work closely with Regional Head IA&C, in assessing the Groups IT framework, processes and controls
• Provide support to the Regional Head IA&C on various matters, such as preparing for the Audit Committee, supervising audit staff during audit assignments and planning audit assignments
• Assist and train other audit staff in the use of computerized audit techniques, and in developing methods for review and analysis of computerized information systems

IT Operational Audits:

• Plan and lead operational IT audit assignments including; planning, communication with auditees, developing audit programs, executing work assignments, supervising staff assigned to the audit (if applicable), preparing the audit report and presenting it to Local Management, including GC MDs.
• The scope of operational IT audits includes general and application control reviews for simple to complex computer information systems, system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery and system maintenance
• Conduct follow-up assessments and audits, if required, to ensure that prior recommendations have been adequately implemented
• Provide advice to Local Management and business operations on request, such as providing best practice advice on specific matters, how to implement audit recommendations and providing templates or policies from other companies
• Support the continuous improvement process and proactively suggest how the quality and efficiency of IT audits can be improved

J-SOX Audits:

• Plan and lead J-SOX ITGC audit assignments including; planning, communication with auditees, executing work assignments, preparing the audit report and presenting it to Local Management.
• Conduct follow up IT audits to ensure that prior recommendations have been adequately implemented

SAP SOD Reviews:

• Lead and drive SAP SOD (Segregation of Duty) reviews using third party SOD analysis software (Soterion) across BSAPIC GCs.

Stakeholder Engagement & Management

• Primary / first point of contact for IT related Controls and audits across all BSAPIC GCs
• Establish strong relationships with relevant stakeholders i.e. Regional Head, IT and other relevant BSAPIC IT leaders/ teams, as well as IT teams at GCs.
• Periodically present on IT-related Risk and report status of IT Audit projects and progress at the periodic IA meetings with BSAPIC CFO/ Regional Head of IT and other Executive Committee members, as deemed appropriate.

Tracking and closure of agreed Management Action Plans (MAPs):

• Ensure all MAPs are addressed and follow-up monthly basis for senior management reporting.
• Collaborate and provide relevant support to the business as necessary to ensure resolution and closure on a timely basis.

Global/Region/Local Assignment/Initiative/Task

• Lead and participate in IA initiatives i.e. Regional Conferences, special projects, where required and rendered support to BSAPIC AC reporting, compliance purposes and best practice sharing including engagement with IA leaders across the globe when required
• Lead and conclude special investigations when required and ensure resolutions are properly implemented
• Lead, engage and conduct consignment IT audits of Diversified Businesses (DB) (when assigned by J-Segment) across assigned country/GC

Team Management

• Drive the annual risk-based planning exercise for IT Audits (Operational and J-SOX) and planned monthly assignments ensuring all audit activities are performed as scheduled.
• Support Regional Head of IA&C in providing updated reports/results/status of audit findings to Senior Management and Audit Committee.
• Manage/ coach direct report(s) within the IT Audit team, as required.
• Manage other ad hoc tasks as required.

Ad-hoc Special Assignments:

• On request, lead and perform special investigations (including suspected frauds) and ensure the quality and completeness of the investigation. Present the outcome of special investigations to local and regional management and follow-up regularly to ensure that countermeasures have been properly implemented.
• Participate in other ad hoc studies, projects and other special assignments if requested.

Preferred candidate profile

• Bachelors Degree in IT/ Computer Science or equivalent, and a relevant professional qualification (e.g. CISA)
• Minimum ten (10) years of experience in IT audit/ controls
• At least two (2) years of experience as a People Manager focus on coaching, developing and motivating team members
• Clear knowledge and understanding of IT auditing methodologies
• Financial and IT application experience (e.g. SAP)
• Strong knowledge of current technological developments & trends (e.g. cyber security)
• Expertise in Firewalls, VPN, Data Loss Prevention, and Security audits.
• A collaborative team player across all functional teams and stakeholders
• Positive personality, enthusiastic and open-minded with self-motivation
• Strong planning skills, meticulous and well organized
• High level of integrity, persistent, structured and emotionally mature
• Strong focus on relevance, quality & accuracy (including good helicopter view of IT landscape and business orientation skills), and results-driven
• Possess technical acumen and an analytical mind-set with agile problem-solving skills and and decision-making abilities to be able to identify root causes to provide suitable solutions
• Excellent written & verbal communication skills (confident, clear, precise, especially for presentations)
• Strong presentation capabilities, including assertive negotiation and influencing skills with diplomacy. Ability to run workshops and meetings
• Fluency in English is essential, additional languages of the region would be a plus point
• Proactive (proposes improvement ideas, quickly raises potential issues and potential solutions)
• Ability to build and maintain effective internal and external relationships and respond to challenges and respond to requests from senior/executive level. Strong stakeholder management abilities
• Agile mindset with exposure to multi-cultural landscapes would be an advantage, demonstrating flexibility to adapt, resilience and eagerness to improve and develop new skills
• Manage time effectively, ability to prioritize work and manage service delivery targets in terms of project management and deliverables.
• Demonstrate sufficient self-awareness to identify personal strengths and areas for development
• Calm, reasonable and professional demeanor and ability to work under pressure
• Meticulous and keen attention to detail
• Willingness to travel around 25%, primarily in the Asia Pacific region